codeql-development-mcp-server 2.24.1-rc1

package/ql/java/tools/src/PrintCFG/PrintCFG.ql

@@ -0,0 +1,35 @@
+/**
+ * @name Print CFG for java
+ * @description Produces a representation of a file's Control Flow Graph for specified source files.
+ * @id java/tools/print-cfg
+ * @kind graph
+ * @tags cfg
+ */
+
+import java
+import semmle.code.java.ControlFlowGraph
+
+/**
+ * Holds if the node is an exit-related CFG node.
+ * These nodes are excluded from the output because their ordering
+ * is non-deterministic across CodeQL CLI versions.
+ */
+private predicate isExitNode(ControlFlow::Node node) {
+  node.toString().matches("%Exit")
+}
+
+/**
+ * Configuration for PrintCFG that outputs all CFG nodes and edges,
+ * excluding exit nodes for deterministic output.
+ */
+query predicate nodes(ControlFlow::Node node, string property, string value) {
+  property = "semmle.label" and
+  value = node.toString() and
+  not isExitNode(node)
+}
+
+query predicate edges(ControlFlow::Node pred, ControlFlow::Node succ) {
+  pred.getASuccessor() = succ and
+  not isExitNode(pred) and
+  not isExitNode(succ)
+}

package/ql/java/tools/src/codeql-pack.lock.yml

@@ -0,0 +1,32 @@
+---
+lockVersion: 1.0.0
+dependencies:
+  codeql/controlflow:
+    version: 2.0.25
+  codeql/dataflow:
+    version: 2.0.25
+  codeql/java-all:
+    version: 8.0.0
+  codeql/mad:
+    version: 1.0.41
+  codeql/quantum:
+    version: 0.0.19
+  codeql/rangeanalysis:
+    version: 1.0.41
+  codeql/regex:
+    version: 1.0.41
+  codeql/ssa:
+    version: 2.0.17
+  codeql/threat-models:
+    version: 1.0.41
+  codeql/tutorial:
+    version: 1.0.41
+  codeql/typeflow:
+    version: 1.0.41
+  codeql/typetracking:
+    version: 2.0.25
+  codeql/util:
+    version: 2.0.28
+  codeql/xml:
+    version: 1.0.41
+compiled: false

package/ql/java/tools/src/codeql-pack.yml

@@ -0,0 +1,6 @@
+name: advanced-security/ql-mcp-java-tools-src
+version: 2.24.1-rc1
+description: 'Queries for codeql-development-mcp-server tools for java language'
+library: false
+dependencies:
+  codeql/java-all: 8.0.0

package/ql/javascript/tools/src/CallGraphFrom/CallGraphFrom.ql

@@ -0,0 +1,49 @@
+/**
+ * @name Call Graph From for javascript
+ * @description Displays calls made from a specified function, showing the call graph outbound from the source function.
+ * @id javascript/tools/call-graph-from
+ * @kind problem
+ * @problem.severity recommendation
+ * @tags call-graph
+ */
+
+import javascript
+
+/**
+ * Gets the source function name for which to generate the call graph.
+ * Can be a single function name or comma-separated list of function names.
+ */
+external string sourceFunction();
+
+/**
+ * Gets a single source function name from the comma-separated list.
+ */
+string getSourceFunctionName() {
+  result = sourceFunction().splitAt(",").trim()
+}
+
+/**
+ * Gets a function by matching against the selected source function names.
+ */
+Function getSourceFunction() {
+  exists(string selectedFunc |
+    selectedFunc = getSourceFunctionName() and
+    result.getName() = selectedFunc
+  )
+}
+
+from CallExpr call, Function source
+where
+  call.getEnclosingFunction() = source and
+  (
+    // Use external predicate if available
+    source = getSourceFunction()
+    or
+    // Fallback for unit tests: include test files
+    (
+      not exists(getSourceFunction()) and
+      source.getFile().getParentContainer().getParentContainer().getBaseName() = "test"
+    )
+  )
+select call,
+  "Call from `" + source.getName() + "` to `" + call.getCalleeName() + "`"

package/ql/javascript/tools/src/CallGraphTo/CallGraphTo.ql

@@ -0,0 +1,47 @@
+/**
+ * @name Call Graph To for javascript
+ * @description Displays calls made to a specified function, showing the call graph inbound to the target function.
+ * @id javascript/tools/call-graph-to
+ * @kind problem
+ * @problem.severity recommendation
+ * @tags call-graph
+ */
+
+import javascript
+
+/**
+ * Gets the target function name for which to generate the call graph.
+ * Can be a single function name or comma-separated list of function names.
+ */
+external string targetFunction();
+
+/**
+ * Gets a single target function name from the comma-separated list.
+ */
+string getTargetFunctionName() {
+  result = targetFunction().splitAt(",").trim()
+}
+
+/**
+ * Gets the caller name for a call expression.
+ */
+string getCallerName(CallExpr call) {
+  if exists(call.getEnclosingFunction())
+  then result = call.getEnclosingFunction().getName()
+  else result = "Top-level"
+}
+
+from CallExpr call
+where
+  (
+    // Use external predicate if available
+    call.getCalleeName() = getTargetFunctionName()
+    or
+    // Fallback for unit tests: include test files
+    (
+      not exists(getTargetFunctionName()) and
+      call.getFile().getParentContainer().getParentContainer().getBaseName() = "test"
+    )
+  )
+select call,
+  "Call to `" + call.getCalleeName() + "` from `" + getCallerName(call) + "`"

package/ql/javascript/tools/src/PrintAST/PrintAST.ql

@@ -0,0 +1,60 @@
+/**
+ * @name Print AST for javascript
+ * @description Outputs a representation of the Abstract Syntax Tree for specified source files.
+ * @id javascript/tools/print-ast
+ * @kind graph
+ * @tags ast
+ */
+
+import javascript
+import semmle.javascript.PrintAst
+
+/**
+ * Gets the source files to generate AST from.
+ * Can be a single file path or comma-separated list of file paths.
+ */
+external string selectedSourceFiles();
+
+/**
+ * Gets a single source file from the comma-separated list.
+ */
+string getSelectedSourceFile() {
+  result = selectedSourceFiles().splitAt(",").trim()
+}
+
+/**
+ * Gets a file by matching against the selected source file paths.
+ */
+File getSelectedFile() {
+  exists(string selectedFile |
+    selectedFile = getSelectedSourceFile() and
+    (
+      // Match by exact relative path from source root
+      result.getRelativePath() = selectedFile or
+      // Match by file name if no path separators
+      (not selectedFile.matches("%/%") and result.getBaseName() = selectedFile) or
+      // Match by ending path component
+      result.getAbsolutePath().suffix(result.getAbsolutePath().length() - selectedFile.length()) = selectedFile
+    )
+  )
+}
+
+/**
+ * Configuration for PrintAST that uses external predicates to specify source files.
+ * Falls back to test directory structure when external predicates are not available.
+ */
+class Cfg extends PrintAstConfiguration {
+  override predicate shouldPrint(Locatable e, Location l) {
+    super.shouldPrint(e, l) and
+    (
+      // Use external predicate if available
+      l.getFile() = getSelectedFile()
+      or
+      // Fallback for unit tests: include test files
+      (
+        not exists(getSelectedFile()) and
+        l.getFile().getParentContainer().getParentContainer().getBaseName() = "test"
+      )
+    )
+  }
+}

package/ql/javascript/tools/src/PrintCFG/PrintCFG.md

@@ -0,0 +1,57 @@
+# Print CFG for JavaScript
+
+Produces a representation of a file's Control Flow Graph (CFG) for specified source files.
+
+## Overview
+
+The Control Flow Graph represents the order in which statements and expressions are executed in a program. Each node in the graph represents a control-flow element (statement or expression), and edges represent possible execution paths between them.
+
+This query outputs all CFG nodes and their successor relationships for JavaScript code, which is useful for understanding program execution flow, debugging control flow issues, and analyzing code paths.
+
+## Use Cases
+
+This query is primarily used for:
+
+- Visualizing program execution flow
+- Understanding complex branching logic
+- Debugging control flow issues
+- Analysis of code paths and reachability
+- IDE integration for control flow visualization
+
+## Example
+
+The following JavaScript code demonstrates control flow through conditional statements and loops:
+
+```javascript
+function example(x) {
+  if (x > 0) {
+    // COMPLIANT - Branching creates CFG edges
+    console.log('Positive');
+  } else {
+    console.log('Non-positive');
+  }
+
+  for (let i = 0; i < 3; i++) {
+    // COMPLIANT - Loop creates cyclic CFG
+    console.log(i);
+  }
+}
+```
+
+In the resulting CFG:
+
+- The `if` condition creates two outgoing edges (true/false branches)
+- The `for` loop creates a cycle back to the condition check
+- Each statement connects to its successor in execution order
+
+## Output Format
+
+The query produces two relations:
+
+- `nodes(ControlFlowNode, string, string)`: Each CFG node with its label
+- `edges(ControlFlowNode, ControlFlowNode)`: Successor relationships between nodes
+
+## References
+
+- [JavaScript Control Flow](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Control_flow_and_error_handling)
+- [CodeQL Control Flow Graph](https://codeql.github.com/docs/writing-codeql-queries/about-control-flow-in-codeql/)

package/ql/javascript/tools/src/PrintCFG/PrintCFG.ql

@@ -0,0 +1,21 @@
+/**
+ * @name Print CFG for javascript
+ * @description Produces a representation of a file's Control Flow Graph for specified source files.
+ * @id javascript/tools/print-cfg
+ * @kind graph
+ * @tags cfg
+ */
+
+import javascript
+
+/**
+ * Configuration for PrintCFG that outputs all CFG nodes and edges.
+ */
+query predicate nodes(ControlFlowNode node, string property, string value) {
+  property = "semmle.label" and
+  value = node.toString()
+}
+
+query predicate edges(ControlFlowNode pred, ControlFlowNode succ) {
+  pred.getASuccessor() = succ
+}

package/ql/javascript/tools/src/codeql-pack.lock.yml

@@ -0,0 +1,30 @@
+---
+lockVersion: 1.0.0
+dependencies:
+  codeql/concepts:
+    version: 0.0.15
+  codeql/controlflow:
+    version: 2.0.25
+  codeql/dataflow:
+    version: 2.0.25
+  codeql/javascript-all:
+    version: 2.6.21
+  codeql/mad:
+    version: 1.0.41
+  codeql/regex:
+    version: 1.0.41
+  codeql/ssa:
+    version: 2.0.17
+  codeql/threat-models:
+    version: 1.0.41
+  codeql/tutorial:
+    version: 1.0.41
+  codeql/typetracking:
+    version: 2.0.25
+  codeql/util:
+    version: 2.0.28
+  codeql/xml:
+    version: 1.0.41
+  codeql/yaml:
+    version: 1.0.41
+compiled: false

package/ql/javascript/tools/src/codeql-pack.yml

@@ -0,0 +1,6 @@
+name: advanced-security/ql-mcp-javascript-tools-src
+version: 2.24.1-rc1
+description: 'Queries for codeql-development-mcp-server tools for javascript language'
+library: false
+dependencies:
+  codeql/javascript-all: 2.6.21

package/ql/python/tools/src/CallGraphFrom/CallGraphFrom.ql

@@ -0,0 +1,49 @@
+/**
+ * @name Call Graph From for python
+ * @description Displays calls made from a specified function, showing the call graph outbound from the source function.
+ * @id python/tools/call-graph-from
+ * @kind problem
+ * @problem.severity recommendation
+ * @tags call-graph
+ */
+
+import python
+
+/**
+ * Gets the source function name for which to generate the call graph.
+ * Can be a single function name or comma-separated list of function names.
+ */
+external string sourceFunction();
+
+/**
+ * Gets a single source function name from the comma-separated list.
+ */
+string getSourceFunctionName() {
+  result = sourceFunction().splitAt(",").trim()
+}
+
+/**
+ * Gets a function by matching against the selected source function names.
+ */
+Function getSourceFunction() {
+  exists(string selectedFunc |
+    selectedFunc = getSourceFunctionName() and
+    result.getName() = selectedFunc
+  )
+}
+
+from CallNode call, Function source
+where
+  call.getScope() = source and
+  (
+    // Use external predicate if available
+    source = getSourceFunction()
+    or
+    // Fallback for unit tests: include test files
+    (
+      not exists(getSourceFunction()) and
+      call.getLocation().getFile().getParentContainer().getParentContainer().getBaseName() = "test"
+    )
+  )
+select call.getNode(),
+  "Call from `" + source.getName() + "` to `" + call.getNode().(Call).getFunc().(Name).getId() + "`"

package/ql/python/tools/src/CallGraphTo/CallGraphTo.ql

@@ -0,0 +1,47 @@
+/**
+ * @name Call Graph To for python
+ * @description Displays calls made to a specified function, showing the call graph inbound to the target function.
+ * @id python/tools/call-graph-to
+ * @kind problem
+ * @problem.severity recommendation
+ * @tags call-graph
+ */
+
+import python
+
+/**
+ * Gets the target function name for which to generate the call graph.
+ * Can be a single function name or comma-separated list of function names.
+ */
+external string targetFunction();
+
+/**
+ * Gets a single target function name from the comma-separated list.
+ */
+string getTargetFunctionName() {
+  result = targetFunction().splitAt(",").trim()
+}
+
+/**
+ * Gets the caller name for a call expression.
+ */
+string getCallerName(CallNode call) {
+  if exists(call.getScope())
+  then result = call.getScope().getName()
+  else result = "Module"
+}
+
+from CallNode call
+where
+  (
+    // Use external predicate if available
+    call.getNode().(Call).getFunc().(Name).getId() = getTargetFunctionName()
+    or
+    // Fallback for unit tests: include test files
+    (
+      not exists(getTargetFunctionName()) and
+      call.getLocation().getFile().getParentContainer().getParentContainer().getBaseName() = "test"
+    )
+  )
+select call.getNode(),
+  "Call to `" + call.getNode().(Call).getFunc().(Name).getId() + "` from `" + getCallerName(call) + "`"

package/ql/python/tools/src/PrintAST/PrintAST.ql

@@ -0,0 +1,62 @@
+/**
+ * @name Print AST for python
+ * @description Outputs a representation of the Abstract Syntax Tree for specified source files.
+ * @id python/tools/print-ast
+ * @kind graph
+ * @tags ast
+ */
+
+import semmle.python.PrintAst
+
+/**
+ * Gets the source files to generate AST from.
+ * Can be a single file path or comma-separated list of file paths.
+ */
+external string selectedSourceFiles();
+
+/**
+ * Gets a single source file from the comma-separated list.
+ */
+string getSelectedSourceFile() {
+  result = selectedSourceFiles().splitAt(",").trim()
+}
+
+/**
+ * Gets a file by matching against the selected source file paths.
+ */
+File getSelectedFile() {
+  exists(string selectedFile |
+    selectedFile = getSelectedSourceFile() and
+    (
+      // Match by exact relative path from source root
+      result.getRelativePath() = selectedFile or
+      // Match by file name if no path separators
+      (not selectedFile.matches("%/%") and result.getBaseName() = selectedFile) or
+      // Match by ending path component
+      result.getAbsolutePath().suffix(result.getAbsolutePath().length() - selectedFile.length()) = selectedFile
+    )
+  )
+}
+
+/**
+ * Configuration for PrintAST that uses external predicates to specify source files.
+ * Falls back to test directory structure when external predicates are not available.
+ */
+class Cfg extends PrintAstConfiguration {
+  override predicate shouldPrint(AstNode e, Location l) {
+    super.shouldPrint(e, l) and
+    (
+      // Use external predicate if available
+      l.getFile() = getSelectedFile()
+      or
+      // Fallback for unit tests: include test files
+      (
+        not exists(getSelectedFile()) and
+        l.getFile().getParent().getParent().getBaseName() = "test"
+      )
+    ) and
+    // Exclude the "Name" class so that results are deterministic
+    // for a given source file, which is required for reproducible results
+    not e.getAQlClass() = "Name"
+  }
+}

package/ql/python/tools/src/PrintCFG/PrintCFG.md

@@ -0,0 +1,52 @@
+# Print CFG for Python
+
+Produces a representation of a file's Control Flow Graph (CFG) for specified source files.
+
+## Overview
+
+The Control Flow Graph represents the order in which statements and expressions are executed in a program. Each node in the graph represents a control-flow element (statement or expression), and edges represent possible execution paths between them.
+
+This query outputs all CFG nodes and their successor relationships for Python code, which is useful for understanding program execution flow, debugging control flow issues, and analyzing code paths.
+
+## Use Cases
+
+This query is primarily used for:
+
+- Visualizing program execution flow
+- Understanding complex branching logic
+- Debugging control flow issues
+- Analysis of code paths and reachability
+- IDE integration for control flow visualization
+
+## Example
+
+The following Python code demonstrates control flow through conditional statements and loops:
+
+```python
+def example(x):
+    if x > 0:                      # COMPLIANT - Branching creates CFG edges
+        print("Positive")
+    else:
+        print("Non-positive")
+
+    for i in range(3):             # COMPLIANT - Loop creates cyclic CFG
+        print(i)
+```
+
+In the resulting CFG:
+
+- The `if` condition creates two outgoing edges (true/false branches)
+- The `for` loop creates a cycle back to the iterator
+- Each statement connects to its successor in execution order
+
+## Output Format
+
+The query produces two relations:
+
+- `nodes(ControlFlowNode, string, string)`: Each CFG node with its label
+- `edges(ControlFlowNode, ControlFlowNode)`: Successor relationships between nodes
+
+## References
+
+- [Python Control Flow](https://docs.python.org/3/tutorial/controlflow.html)
+- [CodeQL Control Flow Graph](https://codeql.github.com/docs/writing-codeql-queries/about-control-flow-in-codeql/)

package/ql/python/tools/src/PrintCFG/PrintCFG.ql

@@ -0,0 +1,21 @@
+/**
+ * @name Print CFG for python
+ * @description Produces a representation of a file's Control Flow Graph for specified source files.
+ * @id python/tools/print-cfg
+ * @kind graph
+ * @tags cfg
+ */
+
+import python
+
+/**
+ * Configuration for PrintCFG that outputs all CFG nodes and edges.
+ */
+query predicate nodes(ControlFlowNode node, string property, string value) {
+  property = "semmle.label" and
+  value = node.toString()
+}
+
+query predicate edges(ControlFlowNode pred, ControlFlowNode succ) {
+  pred.getASuccessor() = succ
+}

package/ql/python/tools/src/codeql-pack.lock.yml

@@ -0,0 +1,30 @@
+---
+lockVersion: 1.0.0
+dependencies:
+  codeql/concepts:
+    version: 0.0.15
+  codeql/controlflow:
+    version: 2.0.25
+  codeql/dataflow:
+    version: 2.0.25
+  codeql/mad:
+    version: 1.0.41
+  codeql/python-all:
+    version: 6.1.0
+  codeql/regex:
+    version: 1.0.41
+  codeql/ssa:
+    version: 2.0.17
+  codeql/threat-models:
+    version: 1.0.41
+  codeql/tutorial:
+    version: 1.0.41
+  codeql/typetracking:
+    version: 2.0.25
+  codeql/util:
+    version: 2.0.28
+  codeql/xml:
+    version: 1.0.41
+  codeql/yaml:
+    version: 1.0.41
+compiled: false

package/ql/python/tools/src/codeql-pack.yml

@@ -0,0 +1,6 @@
+name: advanced-security/ql-mcp-python-tools-src
+version: 2.24.1-rc1
+description: 'Queries for codeql-development-mcp-server tools for python language'
+library: false
+dependencies:
+  codeql/python-all: 6.1.0

package/ql/ruby/tools/src/CallGraphFrom/CallGraphFrom.ql

@@ -0,0 +1,40 @@
+/**
+ * @name Call Graph From for ruby
+ * @description Displays calls made from a specified method, showing the call graph outbound from the source method.
+ * @id ruby/tools/call-graph-from
+ * @kind problem
+ * @problem.severity recommendation
+ * @tags call-graph
+ */
+
+private import codeql.ruby.AST
+private import codeql.ruby.DataFlow
+
+/**
+ * Gets the source method name for which to generate the call graph.
+ * Can be a single method name or comma-separated list of method names.
+ */
+external string sourceFunction();
+
+/**
+ * Gets a single source method name from the comma-separated list.
+ */
+string getSourceFunctionName() {
+  result = sourceFunction().splitAt(",").trim()
+}
+
+from MethodCall call, MethodBase source
+where
+  call.getEnclosingMethod() = source and
+  (
+    // Use external predicate if available
+    source.getName() = getSourceFunctionName()
+    or
+    // Fallback for unit tests: include test files
+    (
+      not exists(getSourceFunctionName()) and
+      source.getLocation().getFile().getParentContainer().getParentContainer().getBaseName() = "test"
+    )
+  )
+select call,
+  "Call from `" + source.getName() + "` to `" + call.getMethodName() + "`"